alt Hacker NewsDANE is entirely dependent on DNSSEC, and DNSSEC is, by design, under the government control, with all the bureaucratic mess and mistakes this implies.
This would be pretty terrible if anyone actually cared about DNSSEC, but luckily for us, no one cares.. So let's keep things this way.
Replies
Parodper • last Tuesday at 10:36 PM
You obviously don't know how DNSSEC works. The DNS root of trust is ICANN, not a government.
➕ show 1 reply
Domain registries can already get a certificate for your domain by changing the address to their own server temporarily and then doing ACME with LE. So no new vector is introduced by directly putting the cert in DNS.